CVE-2024-50258

Config a small gsomaxsize/gsoipv4maxsize will lead to an underflow in skdstgsomaxsize(), which may trigger a BUGON crash, because sk->skgsomaxsize would be much bigger than device limits. Call Trace: tcpwritexmit tsosegs = tcpinittsosegs(skb, mssnow); tcpsetskbtsosegs tcpskbpcountset // skb->len = 524288, mssnow = 8 // u16 tsosegs = 524288/8 = 65535 -> 0 tsosegs = DIVROUNDUP(skb->len, mssnow) BUGON(!tsosegs) Add check for the minimum value of gsomaxsize and gsoipv4maxsize.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50258.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

46e6b992c2502b094e61da6994f1363f3b7c1413

Fixed

90c8482a5d9791259ba77bfdc1849fc5128b4be7

Fixed

e9365368b483328639c03fc730448dccd5a25b6b

Fixed

ac5977001eee7660c643f8e07a2de9001990b7b8

Fixed

e72fd1389a5364bc6aa6312ecf30bdb5891b9486

Fixed

9ab5cf19fb0e4680f95e506d6c544259bf1111c4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50258.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.16.0

Fixed

5.15.181

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.120

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.60

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.11.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50258.json"